AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관

How can you filter by json property in cloudwatch log?

0

I have json being logged in cloudwatch log. I am trying to filter by specific json property value. I am using the dot notation. It never finds what I know is there.

This is in the log

{ "requestId": "abc123", "apiId": "123456"}

I am filtering with this

{$.requestId="abc123"}

It never finds the log item. Is this supposed to work?

질문됨 3년 전2.1만회 조회
2개 답변
1

Hi Andyn,

That {$.requestId="abc123"} looks like a valid filter for JSON formatted logs, and yes it is supported and it should work if the log event(s) are in the log group. You can check more details from (1).

I just checked the 'log event' and 'filter pattern' you have provided which is working as expected on my end with replication. Have you checked the retention policy of the Log Group ? and whether the log event(s) that should be matching are recent(not past the Retention policy period)?

For instance, to check whether your filter pattern is working or not you can setup a test Log Group/Log Stream and create log event using the Console. The steps are -> CW Console -> Log Groups -> go into the Log Stream -> Action -> Create log event. Then you can test with adjusting the filter with matching and non-matching patterns to see if the filter works or not.

If you are still encountering problems filtering the log events, please try with specific and short time ranges rather than just filtering with default settings on the console. Further, if you have a Premium Support subscription consider creating Technical Support case under CloudWatch Logs service so that we can assist you in a private setting.

(1) Filter and pattern syntax - Matching terms in JSON log events - https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html#matching-terms-events-json

Thanks

AWS
지원 엔지니어
답변함 3년 전
  • The filter works when I manually create the log event and search it. Problem seems to be searching older events. They just dont show up. I have log events from 2 weeks ago. I set the search range to 4 weeks. Still does not find it. I am testing this because I noticed that our log group metric filter alarms are not working because the filter is not catching events. The filter works when I test them when creating the alarm, but when I test them manually in log group filter it does not work. The alarms are not getting triggered because the {$.xxx} filter thing is not working. I will probably need to resort to straight text string matching. Something definitely wrong here with filtering.

1

Try to run it from Logs Insights and using smth like filter requestId="abc123" Some doc is here: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData_RunSampleQuery.html

답변함 3년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠